Equifax Data Breach: Additional Information

Equifax said a cyberattack exploited an exposure in their website software that impacted 143 million consumers.The hackers also gained access to files containing names, Social Security numbers, birth dates, addresses and driver’s license numbers. In addition, the hackers took credit card numbers for about 209,000 consumers as well as “dispute” documents for about 182,000 consumers. Finally, Equifax said the breach also impacted an undisclosed number of people in Canada and England.

Equifax said the breach was open from mid-May to July 29. On September 7, forty-one (41) days later, it reported the breach.

After Equifax revealed the cyberattack, thousands logged onto the Equifax website to see if they were at risk. For many, the site did not work at first. But for those who got through, an unpleasant surprise was waiting.

Equifax offered a free year of credit monitoring known as “TrustedID Premier” if the consumer’s data was indeed stolen. But in the fine print, consumers found that by agreeing to the service, they would give up the right to sue over damages related to the attack. If they wanted to recover damages they would have to go an arbitration process set up by Equifax. Lawmakers jumped into the fray and social media flooded the airwaves with messages of concern, worried that the private proceeding was inherently biased in favor of Equifax. After a day of harsh criticism, Equifax said consumers would not have to give up their right to pursue class action lawsuits related to damages stemming from the incident.

To see the courses of action the Federal Trade Commission has provided on the breach,